24

2 days ago my boss told me to scrape off the security layer from my code. I am pissed off cause it took me 4 days to perfectly code that. Now his application is not secure.

Comments
  • 11
    Uh, would be a shame if some North Korean hackers would exploit this issue and demand a company-threatening high ransom 😑
  • 5
    @heyheni yea. I am an intern. Will leave soon so who cares.
  • 5
    @FormulaCoin Ngl, if you made it secure and were told to make it insecure, you should sell vulns to make more money out of that fact.
  • 3
    @kescherRant nah not gonna do that. Gotta be clean
  • 1
    hi/ very fine
  • 4
    I would say no.

    I would also have had it fully covered by specs, including security. So if anyone removed my security checks, the e.g. "it catches SQL Injections like 'drop database'" spec would fail and drop the database.
  • 1
    @Root well this is nice. Thanks for this.
  • 4
    Any particular reason why he said that? I mean why would someone make something insecure on purpose!
  • 2
    @FormulaCoin
    Don't get too frustrated. These kinds of things happen. You need to learn to convince people about the need for security. Take this as experience and check out how you could convince better.

    When you explain security, explain it in a trimmed-down sense. One of the main reasons I see that security is not treated well is that it most of the time conflicts with usability.

    If you remember the time-space trade-off, the same thing happens with usability and security. The most secure machine is one that is not usable by anyone. And it is much easier to think in terms of usability.

    Anyway this might not be what your case is, but remember that every experience can teach you stuff and have fun. I know the feeling when you tell them it is wrong but no one listens. As you go forward you will learn to convince people.
  • 0
    @sak96 thanks man. I tried convincing him but he ain’t listening. I can’t leave the project insecure, so at last I will add some security without telling him.
  • 7
    Leave a paper trail. List all security features to be removed, Cc all your colleagues and let the boss confirm in writing to have these removed. Let there be no doubt who is responsible once it gets exploited.
  • 1
    As @qwwerty says! You'd better find witnesses to that crime of leaving exploits 😆
  • 0
    I just don't understand why someone would want security features removed. Did he say why?

    Maybe he's selling vulnerabilities...